ET EXPLOIT Possible Symantec Malicious MIME Doc Name Overflow (EICAR) toclient M2

7.0.35.0SID: 2022932Rev: 3Enabled1 views
Sourceet/open
Fileemerging-exploit.rules
CreatedJune 30, 2016
UpdatedMarch 14, 2024
Classificationattempted-admin
alert http $EXTERNAL_NET any -> $HOME_NET any (msg:"ET EXPLOIT Possible Symantec Malicious MIME Doc Name Overflow (EICAR) toclient M2"; flow:established,to_client; file.data; content:"Content-Type|3a 20|"; nocase; content:"name"; nocase; isdataat:78,relative; pcre:"/^\s*=\s*[\x22\x27][^\x22\x27\r\n]{78}/R"; content:"|57 44 56 50 49 56 41 6c 51 45 46 51 57 7a 52 63 55 46 70 59 4e 54 51 6f 55 46 34 70 4e 30 4e 44 4b 54 64 39 4a 45 56 4a 51 30 46 53|"; reference:url,bugs.chromium.org/p/project-zero/issues/detail?id=823&q=; classtype:attempted-admin; sid:2022932; rev:3; metadata:created_at 2016_06_30, confidence Medium, signature_severity Major, updated_at 2024_03_14;)

Metadata

created at2016_06_30
confidenceMedium
signature severityMajor
updated at2024_03_14

Comments (0)

Please sign in to leave a comment.
Sign in

No comments yet. Be the first to comment!